CVE-2019-10624

EPSS 0.05%
Veröffentlicht 16.04.2020 11:15:14
Zuletzt bearbeitet 21.11.2024 04:19:36
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Apq8096au Firmware Version-

Qualcomm ≫ Apq8096au Version-

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Qca6574au Firmware Version-

Qualcomm ≫ Qca6574au Version-

Qualcomm ≫ Qcn7605 Firmware Version-

Qualcomm ≫ Qcn7605 Version-

Qualcomm ≫ Rennell Firmware Version-

Qualcomm ≫ Rennell Version-

Qualcomm ≫ Sc8180x Firmware Version-

Qualcomm ≫ Sc8180x Version-

Qualcomm ≫ Sdm710 Firmware Version-

Qualcomm ≫ Sdm710 Version-

Qualcomm ≫ Sdx55 Firmware Version-

Qualcomm ≫ Sdx55 Version-

Qualcomm ≫ Sm7150 Firmware Version-

Qualcomm ≫ Sm7150 Version-

Qualcomm ≫ Sm8150 Firmware Version-

Qualcomm ≫ Sm8150 Version-

Qualcomm ≫ Sm8250 Firmware Version-

Qualcomm ≫ Sm8250 Version-

Qualcomm ≫ Sxr2130 Firmware Version-

Qualcomm ≫ Sxr2130 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.137

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-681 Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-10624

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10624

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10624

EUVD